MCPcopy
hub / github.com/tailscale/golink / HSTS

Function HSTS

golink.go:394–409  ·  view source on GitHub ↗

HSTS wraps the provided handler and sets Strict-Transport-Security header on responses. It inspects the Host header to ensure we do not specify HSTS response on non fully qualified domain name origins.

(h http.Handler)

Source from the content-addressed store, hash-verified

392// responses. It inspects the Host header to ensure we do not specify HSTS
393// response on non fully qualified domain name origins.
394func HSTS(h http.Handler) http.Handler {
395 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
396 host, found := r.Header["Host"]
397 if found {
398 host := host[0]
399 fqdn, err := dnsname.ToFQDN(host)
400 if err == nil {
401 segCount := fqdn.NumLabels()
402 if segCount > 1 {
403 w.Header().Set("Strict-Transport-Security", "max-age=31536000")
404 }
405 }
406 }
407 h.ServeHTTP(w, r)
408 })
409}
410
411// serverHandler returns the main http.Handler for serving all requests.
412func serveHandler() http.Handler {

Callers 2

RunFunction · 0.85
TestNoHSTSShortDomainFunction · 0.85

Calls

no outgoing calls

Tested by 1

TestNoHSTSShortDomainFunction · 0.68